Malicious code in CCleaner compromised more than 2 million computers

PUBLISHED Mon, September 18, 2017 - 6:35pm EDT
Screenshot of CCleaner (Credit: Piriform)

Malicious code was inserted into a version of the computer clean-up tool CCleaner, creating a backdoor on more than 2 million computers and potentially allowing those responsible to take control of the devices, the company said on Monday.

The breach was discovered on September 12 when Piriform - the company that created CCleaner - found that its software was sending data to an unknown IP address. An investigation revealed that two programs released in August had been "illegally modified" before being released to the public.

The breach affects CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems. About 2.27 million computers are believed to have installed the compromised software, although it's still unclear whether hackers took control of any of the devices.

In a technical description, the company explained that CCleaner.exe had been modified to create a two-stage backdoor capable of running code sent by those responsible. It also sent encrypted data to the hackers, providing them with the computer's name, a list of installed software including Windows updates, a list of running processes, MAC addresses, and the status of administrator privileges.

Paul Young, the vice president of products at Piriform, said in a blog post on Monday that the server used by the hackers was taken down and other potential servers are "out of their control." Users of version 5.33.6162, however, have been advised to update to the latest version, while users of CCleaner Cloud received an automatic update.

"At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it," Young said. "The investigation is still ongoing. We want to thank the Avast Threat Labs for their help and assistance with this analysis."

Young apologized to users of CCleaner and said the company is taking "detailed steps internally" to prevent such a breach from happening again. "If you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher," he added.

CCleaner was first released in 2003 and allows people to delete temporary or potentially unwanted files to help optimize their computer. Piriform, which was acquired by Avast in July, says CCleaner has been downloaded more than 2 billion times, with an average of 5 million new users every week.

  London, England     




